On 28 Jan 2016, at 00:06, Andreas Krey <a.krey@gmx.de> wrote:

> (It also occurred to me that you don't actually
> need to be the clearservice org to be able
> to set up an onion for them, as long as there
> is no https enforced/needed on the onion side.)

Yes, which is a bit of a security nightmare.
Malicious onion sites proxying clearnet or onion sites is a known issue.

There was a post on tor-talk about it recently:
https://lists.torproject.org/pipermail/tor-talk/2016-January/040038.html

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F